On 1/26/21 12:41 PM, Matt V wrote:
On Tue, Jan 26, 2021 at 3:17 PM Michael Thomas <[email protected]
<mailto:[email protected]>> wrote:
How do I know when I'm done though if I don't know the IP
addresses who send on my behalf? Is it an actual forgery or is it
Marsha in marketing using a outsourced email blaster?
This is solved with conversation with the relevant stakeholdersĀ in the
organization from IT, Marketing, PR, etc... along with security and
brand policies being enforced.
Ultimately only approved and official email sources will be
authenticated - random sales/marketing people don't get to make those
types of decisionsĀ on the day-to-day. You want an exemption for your
support/marketing tools you need to get it cleared, vetted and
properly authenticated to play.
This is how most large companies resolve this issue.
I worked for a large company and that is much easier said than done
having attempted to do so before the reporting was a twinkle in
anybody's eye. Hence the low uptake of DMARC. Having to know all of the
IP addresses that are legitimate senders for your domain is daunting for
a large enterprise.
Mike
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
